>It was easy to abstract apr_ldap_init() to support STARTTLS, it's not as
>easy to abstract it to support client certificates.
>
>How are client certificates specified within the Novell toolkit?
With the APIs ldapssl_set_client_cert() and ldapssl_set_client_private_key()

Brad

>>> "Graham Leggett" Thursday, January 06, 2005 1:11 AM >>>
Brad Nicholes said:
> The problem is that other SDKs such as Novell, do not use
> ldap_set_option() to set the certificates or the SSL mode. Novell uses
> ldapssl_add_trusted_cert() and ldapssl_start_tls(). As it stands the
> apr_ldap_add_cert() function allows you to add as many certificates as
> you like doing the correct thing for all SDKs under the covers.
> apr_ldap_init() is doing the right thing as far as starting SSL, TLS or
> clear ldap connection regardless of the SDK. Using
> apr_ldap_set_option() to set certificates or SSL modes would be SDK
> specific. It has to be abstracted by APR.

That was exactly the point - it would be abstracted by APR. I think the
concern seems to be that the API is getting messy, which is exactly the
thing we're trying to move away from.

It was easy to abstract apr_ldap_init() to support STARTTLS, it's not as
easy to abstract it to support client certificates.

How are client certificates specified within the Novell toolkit?

Regards,
Graham
--